This was something I need for one of my customers and all credit for the below goes to Michael Shinn of Prometheus Global - home of Atomic Secured Linux.
First you will need to either pay for, or download a free database of geomaps. Check out www.maxmind.com
for free database files. (They also sell database files)Then set this in your global modsecurity configuration:
SecGeoLookupDb /usr/local/geo/data/GeoLiteCity.datHeres a simple rule to block anything from China:
SecRule REMOTE_ADDR "@geoLookup" "chain,drop,msg:'Blocking China Host"
SecRule GEO:COUNTRY_CODE "@streq CN" "t:none"
And drop that into the vhost.conf file for that domain.And these are the fields you can change:
COUNTRY_CODE: Two character country code. EX: US, UK, etc.
COUNTRY_CODE3: Up to three character country code.
COUNTRY_NAME: The full country name.
COUNTRY_CONTINENT: The teo character continent that the country is located. EX: EU
REGION: The two character region. For US, this is state. For Canada, providence, etc.
CITY: The city name.
POSTAL_CODE: The postal code.
LATITUDE: The latitude.
LONGITUDE: The longitude.
DMA_CODE: The metropoliton area code. (US only)
AREA_CODE: The phone system area code. (US only)